Cloudformation VPC S3 interface endpoint with PrivateDnsEnabled and PrivateDnsOnlyForInboundResolverEndpoint set to false

0

So I'm trying to create an S3 VPC interface endpoint using CloudFormation.

There is a field called "PrivateDnsOnlyForInboundResolverEndpoint" which is set to true automatically by default if I set "private DNS names" to true.

I want to create the endpoint with private DNS names enabled but PrivateDnsOnlyForInboundResolverEndpoint set to false; for some reason I'm not able to do that.

There is no mention for it in the https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html

Also, it seems to be available only for the AWS CLI: https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html

Any suggestions?

My current template looks like so:

AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template to create VPC interface endpoint for S3
Parameters:
  VPCId:
    Type: String
    Description: VPC to create the endpoint in
  SubnetId1:
    Type: String
    Description: Subnet ID for endpoint
Resources:
  S3VPCEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      VpcId: !Ref VPCId
      SubnetIds: [!Ref SubnetId1]
      ServiceName: 'com.amazonaws.us-east-2.s3'
      VpcEndpointType: Interface
      PrivateDnsEnabled: true

I would imagine it would look like so:

DnsOptions:
  PrivateDnsOnlyForInboundResolverEndpoint: false
Shahar
Asked 1 year ago, 1540 views
3 answers
1

This can be achieved by invoking a Lambda function from the CloudFormation template with the steps below.

1/ Create a Lambda function with IAM permissions which can take input from CloudFormation, create the VPC endpoint and return a response to CloudFormation. https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2/client/create_vpc_endpoint.html
2/ Update the CloudFormation template to invoke this Lambda function

Ref: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html

AWS
Answered 1 year ago
  • I don't think this is the way to solve it.. not even for a workaround.
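As an added illustration of the custom-resource route from the first answer (this is example code, not the answer author's or AWS's own implementation): a hypothetical Lambda handler that calls EC2 CreateVpcEndpoint with DnsOptions.PrivateDnsOnlyForInboundResolverEndpoint set to false and reports back to CloudFormation over the pre-signed ResponseURL. The property names read from ResourceProperties (VpcId, ServiceName, SubnetIds, SecurityGroupIds, PrivateDnsEnabled, PrivateDnsOnlyForInboundResolverEndpoint) are assumptions chosen to mirror the template in the question; the `ec2` and `send` parameters exist only so the handler can be exercised without AWS credentials.

```python
"""Lambda-backed CloudFormation custom resource for an S3 interface endpoint.

Hypothetical example: the handler receives the custom-resource event, calls
EC2 CreateVpcEndpoint with DnsOptions.PrivateDnsOnlyForInboundResolverEndpoint
set to false, and reports the result back to CloudFormation.
"""
import json
import urllib.request


def _as_bool(value, default=False):
    """CloudFormation passes custom-resource booleans as the strings 'true'/'false'."""
    if value is None:
        return default
    return str(value).lower() == "true"


def build_create_request(props):
    """Translate ResourceProperties (assumed names) into CreateVpcEndpoint kwargs."""
    request = {
        "VpcId": props["VpcId"],
        "ServiceName": props["ServiceName"],
        "VpcEndpointType": "Interface",
        "SubnetIds": list(props["SubnetIds"]),
        "PrivateDnsEnabled": _as_bool(props.get("PrivateDnsEnabled"), True),
        "DnsOptions": {
            "PrivateDnsOnlyForInboundResolverEndpoint": _as_bool(
                props.get("PrivateDnsOnlyForInboundResolverEndpoint"), False
            )
        },
    }
    if props.get("SecurityGroupIds"):  # omit the key rather than send an empty list
        request["SecurityGroupIds"] = list(props["SecurityGroupIds"])
    return request


def build_response(event, status, physical_id, data=None, reason=""):
    """Body of the PUT that CloudFormation expects on the pre-signed ResponseURL."""
    return {
        "Status": status,
        "Reason": reason or f"See CloudWatch log for request {event['RequestId']}",
        "PhysicalResourceId": physical_id,
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }


def send_response(event, body):
    """PUT the response body to CloudFormation (empty Content-Type, per the protocol)."""
    req = urllib.request.Request(
        event["ResponseURL"], data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": ""},
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status


def handler(event, context, ec2=None, send=send_response):
    """Custom-resource entry point; `ec2` and `send` are injectable for testing."""
    if ec2 is None:
        import boto3  # present in the Lambda runtime; imported lazily so the module loads without it
        ec2 = boto3.client("ec2")
    props = event.get("ResourceProperties", {})
    physical_id = event.get("PhysicalResourceId", "none")
    try:
        if event["RequestType"] in ("Create", "Update"):
            # Update is handled as replacement: a new endpoint is created and its id
            # returned, after which CloudFormation sends Delete for the old one.
            resp = ec2.create_vpc_endpoint(**build_create_request(props))
            physical_id = resp["VpcEndpoint"]["VpcEndpointId"]
            data = {"VpcEndpointId": physical_id}  # readable via !GetAtt ... VpcEndpointId
        else:  # Delete
            if physical_id.startswith("vpce-"):  # skip ids left by a failed Create
                ec2.delete_vpc_endpoints(VpcEndpointIds=[physical_id])
            data = {}
        body = build_response(event, "SUCCESS", physical_id, data)
    except Exception as exc:  # never leave the stack hanging: report FAILED with the cause
        body = build_response(event, "FAILED", physical_id, reason=str(exc))
    send(event, body)
    return body
```

On the template side this would be wired up as a `Custom::` resource whose `ServiceToken` is the function's ARN and whose remaining properties are the ones the handler reads; the function's execution role needs ec2:CreateVpcEndpoint and ec2:DeleteVpcEndpoints. Because the handler replaces rather than modifies on Update, any property change creates a new endpoint before the old one is removed.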

0

I agree with you. It seems that there is no way to specify the "PrivateDnsOnlyForInboundResolverEndpoint" field via AWS CloudFormation. You may use Former2 to confirm whether such a field exists or not by scanning an existing VPCEndpoint resource.

Expert
Answered 1 year ago
  • Well, I did that before posting.. So I can confirm no such field exists.

0

I also have this problem and have resorted to just manually creating the endpoints outside of the CF template. CloudFormation has a surprising number of bugs and limited features/properties of resources missing etc.

To add more context, I specifically have this problem with 'PrivateDnsOnlyForInboundResolverEndpoint' only for the S3 endpoint interface type. I have successfully created an EC2 endpoint interface without a problem. My new solution is to use a Gateway endpoint for S3 instead.

Answered 8 months ago
